Longterm Wiki

Engineered prompts in emails

paper

Authors

Shrestha Datta · Shahriar Kabir Nahin · Anshuman Chhabra · Prasant Mohapatra

Credibility Rating

3/5 (Good)

Good quality. Reputable source with community review or editorial standards, but less rigorous than peer-reviewed venues.

Rating inherited from publication venue: arXiv

A 2025 survey paper providing a structured overview of security risks in agentic LLM systems; useful reference for researchers and practitioners working on safe deployment of autonomous AI agents.

Metadata

Importance: 62/100 · arXiv preprint · analysis

Abstract

Agentic AI systems powered by large language models (LLMs) and endowed with planning, tool use, memory, and autonomy, are emerging as powerful, flexible platforms for automation. Their ability to autonomously execute tasks across web, software, and physical environments creates new and amplified security risks, distinct from both traditional AI safety and conventional software security. This survey outlines a taxonomy of threats specific to agentic AI, reviews recent benchmarks and evaluation methodologies, and discusses defense strategies from both technical and governance perspectives. We synthesize current research and highlight open challenges, aiming to support the development of secure-by-design agent systems.

Summary

A comprehensive survey of security threats unique to agentic AI systems—LLM-powered autonomous agents with planning, tool use, and memory—presenting a threat taxonomy, reviewing evaluation benchmarks, and discussing technical and governance defense strategies. The paper distinguishes agentic AI risks from both traditional AI safety and conventional software security, synthesizing current research and open challenges to support secure-by-design agent development.

Key Points

  • Proposes a taxonomy of security threats specific to agentic AI, including prompt injection, tool misuse, memory poisoning, and multi-agent attack vectors.
  • Reviews evaluation benchmarks and methodologies for assessing vulnerabilities in autonomous agents operating across web, software, and physical environments.
  • Discusses defense strategies from both technical (input sanitization, sandboxing, monitoring) and governance (policy, auditing) perspectives.
  • Highlights that agentic AI risks are distinct from traditional AI safety and software security, requiring new frameworks and threat models.
  • Identifies open challenges in securing agentic systems, including the difficulty of evaluating emergent multi-step attack chains.

Cited by 2 pages

| Page | Type | Quality |
|---|---|---|
| Agentic AI | Capability | 68.0 |
| Tool-Use Restrictions | Approach | 91.0 |

Cached Content Preview

HTTP 200 · Fetched Mar 20, 2026 · 98 KB
[License: arXiv.org perpetual non-exclusive license](https://info.arxiv.org/help/license/index.html#licenses-available)

arXiv:2510.23883v1 [cs.AI] 27 Oct 2025

# Agentic AI Security: Threats, Defenses, Evaluation, and Open Challenges


Shrestha Datta, Shahriar Kabir Nahin, Anshuman Chhabra (corresponding author), Prasant Mohapatra


###### Abstract


Agentic AI systems powered by large language models (LLMs) and endowed with planning, tool use, memory, and autonomy, are emerging as powerful, flexible platforms for automation. Their ability to autonomously execute tasks across web, software, and physical environments creates new and amplified security risks, distinct from both traditional AI safety and conventional software security. This survey outlines a taxonomy of threats specific to agentic AI, reviews recent benchmarks and evaluation methodologies, and discusses defense strategies from both technical and governance perspectives. We synthesize current research and highlight open challenges, aiming to support the development of secure-by-design agent systems.


## 1 Introduction


Artificial Intelligence (AI) has become one of the most transformative technologies of the twenty-first century [[1](https://arxiv.org/html/2510.23883v1#bib.bib1)]. From early rule-based expert systems [[2](https://arxiv.org/html/2510.23883v1#bib.bib2)] to modern deep learning architectures [[3](https://arxiv.org/html/2510.23883v1#bib.bib3)], AI has steadily expanded in both capability and scope. Traditionally, and over the past decade in particular, AI has excelled at narrow, task-specific applications such as image classification, speech recognition, recommendation systems, and predictive analytics [[4](https://arxiv.org/html/2510.23883v1#bib.bib4), [3](https://arxiv.org/html/2510.23883v1#bib.bib3)]. These systems typically operate within well-defined boundaries and are optimized for performance on constrained datasets, but they lack the ability to adapt flexibly beyond their original input/output designs.


Recently, the advent of large language models (LLMs), such as OpenAI's GPT [[5](https://arxiv.org/html/2510.23883v1#bib.bib5), [6](https://arxiv.org/html/2510.23883v1#bib.bib6)] and Meta's LLaMA [[7](https://arxiv.org/html/2510.23883v1#bib.bib7)], has marked a paradigm shift for AI models. Trained on vast corpora of text (and now, even multimodal data), these models exhibit impressive generalization abilities and can generate coherent, contextually relevant responses across a wide range of domains [[8](https://arxiv.org/html/2510.23883v1#bib.bib8), [9](https://arxiv.org/html/2510.23883v1#bib.bib9)]. LLMs have enabled breakthroughs in conversational agents, code generation, content summarization, and multimodal reasoning [

... (truncated, 98 KB total)